Written by Kay Abikoye
On March 24, 2021, the PMI Atlanta Governance Forum hosted speaker Abdul Badruddin, Senior Director of Governance, Risk and Compliance at BeyondTrust. Mr. Badruddin delivered a presentation centered on the formation of a Governance, Risk and Compliance (GRC) program at BeyondTrust and the organizational challenges that can arise during implementation.
In the realm of information security, many frameworks and regulations, such as ISO 27001, AICPA SOC (American Institute of Certified Public Accountants, System and Organization Controls) and NIST 800-53, assist in establishing the foundations of a solid GRC program.
Mr. Badruddin provided attendees with insight on how to start and manage a GRC program and how to create adequate buy-in from leadership.
The key attributes of the Governance Model and a successful program include:
- Leadership Acceptance: supports the need for and the basic functions of the Governance Model.
- Governance Committee: oversees the entire program and all respective units.
- Subcommittee: consists of functional leaders and performs risk assessment on an ongoing basis.
Mr. Badruddin discussed the organizational structure of a GRC program, which is split into four domains: Governance, Personal, Monitoring and Improvement.
- Subcommittees should be formed based on the industry standards and policies that support the GRC Program.
- Metrics and Key Performance Indicators (KPIs) must be implemented and presented to leadership on a regular basis to promote continued support of the program.
- An assurance and auditing procedure must be in place in order to ensure the continued functioning of the GRC program.
- The business should have an established process for obtaining approval of a temporary exception to the standards and policies.
Join us at the next PMI Atlanta Governance Forum on April 28, 2021.
Register at www.pmiatlanta.org/events/event-calendar